OFFICE OF THE AUDITOR

DENVER SHERIFF DEPARTMENT
KEEFE COMMISSARY NETWORK, LLC
REVENUE AND CONTRACT COMPLIANCE AUDIT
JANUARY 2009

Dennis J. Gallagher
Auditor

City and County of Denver
201 West Colfax Ave., Dept. 705 • Denver, Colorado 80202 • 720-913-5000, FAX 720-913-5247
www.denvergov.org/auditor

Dennis J. Gallagher
Auditor

January 28, 2009
Mr. William R. Lovingier
Director of Corrections and Undersheriff
Denver Sheriff Department
City and County of Denver
Dear Mr. Lovingier:
Attached is the Auditor’s Office Audit Services Division’s revenue and contract compliance
audit report of the Keefe Commissary Network, LLC contract dated October 1, 2006. The audit
was for the period October 1, 2006 through December 31, 2007. The purpose of the audit was to
determine if Keefe Commissary Network, LLC and the Denver Sheriff Department complied
with the terms of the contract and whether internal controls in place were adequate.
The audit revealed reportable weaknesses related to contract administration, internal controls,
and contract compliance. These weaknesses are disclosed in detail within the accompanying
report.
If you have any questions, please contact Kip Memmott, Director of Audit Services, at
720-913-5029.
Sincerely,

Dennis J. Gallagher
Auditor
DJG/ect
cc:

Honorable John Hickenlooper, Mayor
Honorable Members of City Council
Members of Audit Committee
Ms. Kelly Brough, Chief of Staff
Mr. Claude Pumilia, Chief Financial Officer
Mr. Chris Henderson, Chief Operating Officer
Mr. David Fine, City Attorney

To promote open, accountable, efficient and effective government by performing impartial reviews and other audit
services that provide objective and useful information to improve decision making by management and the people.
We will monitor and report on recommendations and progress towards their implementation.
1

Mr. Lovingier and Mr. Archer
January 28, 2009
Page Two
Ms. Lauri Dannemiller, City Council Executive Staff Director
Ms. Beth Machann, Controller
Mr. Alvin LaCabe, Manager of Safety
Mr. Michael Henry, Interim Director
Mr. Mike Archer, Regional Vice President, Keefe Commissary Network, LLC

2

TABLE OF CONTENTS

Transmittal Letter

1

Table of Contents

3

Auditor’s Report

4

Executive Summary

5

Background, Scope, Objective, and Methodology

6

Findings, Recommendations, and Responses

8

Schedule of Amount Due and Paid and Related Notes

11

Exhibit A – Denver Sheriff Department Response

13

3

City and County of Denver
201 West Colfax Ave., Dept. 705 • Denver, Colorado 80202 • 720-913-5000, FAX 720-913-5247
www.denvergov.org/auditor

Dennis J. Gallagher
Auditor

AUDITOR’S REPORT
We have completed a revenue and contract compliance audit of the agreement dated October 1,
2006 between Keefe Commissary Network, LLC (Keefe) and the Denver Sheriff Department
(DSD). The purpose of the audit was to determine whether Keefe and DSD complied with
various terms and conditions of the contract as well as City and County of Denver rules and
regulations. This audit was included in the Auditor’s Office Audit Services Division’s Annual
Audit Plan and is authorized pursuant to the City and County of Denver Charter, Article V, Part
2, Section 1, General Powers and Duties of Auditor. We conducted our audit in accordance with
generally accepted government auditing standards.
The audit revealed Keefe and DSD did not comply with important provisions of the contract
related to payment terms, amounts due, insurance, and reporting requirements.
We extend our appreciation to the personnel who assisted and cooperated with us during the
audit.
Audit Services Division

Kip R. Memmott, MA, CGAP, CICA
Director of Audit Services

Date: January 28, 2009
Staff: Ken Kemple, CISA, CICA, Deputy Director
Mike Widner, CICA, Audit Supervisor
Manijeh Taherynia, CPA, CFE, Senior Internal Auditor
Rebecca Corral, CFE, Senior Internal Auditor

To promote open, accountable, efficient and effective government by performing impartial reviews and other audit
services that provide objective and useful information to improve decision making by management and the people.
We will monitor and report on recommendations and progress towards their implementation.
4

KEEFE COMMISSARY NETWORK LLC
EXECUTIVE SUMMARY
FOR THE PERIOD OCTOBER 1, 2006 THROUGH DECEMBER 31, 2007

This summary highlights the findings of the revenue and contract compliance audit of the Keefe
Commissary Network, LLC (Keefe) contract. The Findings and Recommendations section of
the report beginning on page 8 further describes these issues in detail. The responses from the
Denver Sheriff Department (DSD) to these findings are contained in Exhibit A.
Finding I - Non-Compliance with Contract Terms Caused Underpayment and Increased
Risk to the City
Audit work revealed DSD made verbal agreements with Keefe regarding payment terms and
commissions in violation of Executive Order No. 8. Furthermore, we noted DSD failed to
properly monitor and enforce Keefe’s compliance with contract provisions regarding insurance,
financial, and other reporting requirements.
Unauthorized Payment Process - The contract provisions require DSD to remit gross
commissary receipts to Keefe on a weekly basis. Keefe is then required to calculate and pay
monthly commissions of 44% on commissary sales after deducting appropriate taxes. However,
DSD and Keefe enacted a verbal agreement which changed the payment process. Based on the
existing verbal agreement, DSD does not make weekly payments. Instead, DSD retains
commissions calculated by Keefe’s system and pays the contractor monthly for the remaining
balance.
Improper Calculation of Commissions - The contract defines commissions due as 44% of gross
receipts, net of applicable taxes. However, audit work revealed DSD instructed Keefe to reduce
the prices charged to inmates for certain clothing items and, in return, make sales of these items
subject to a 20% commission rate. Additionally, audit work noted the combined sales tax rate
was incorrectly programmed in Keefe’s software which resulted in understated sales tax
deductions for the entire audit period. As a result of these two issues, DSD collected $5,940 less
than the commission amount prescribed by the contract. In addition, since Keefe does not
actually make payments to DSD, we were unable to assess late payment interest penalties on
amounts due.
Non-Enforcement of Contract Provisions - We noted DSD failed to enforce Keefe’s
compliance with contract requirements related to insurance coverage, submission of monthly and
annual financial reports, and evidence of compliance with Payment Card Industry Data Security
Standards (PCI DSS) during the audit period.
Recommendations
We recommend DSD assess and collect the $5,940 due from Keefe. We recommend DSD and
Keefe immediately discontinue their verbal agreements and follow the contract provisions until
proper contract amendments are enacted. We also recommend DSD monitor and enforce
insurance, financial, and other reporting requirements to mitigate risks to the City.

5

KEEFE COMMISSARY NETWORK, LLC
BACKGROUND, SCOPE, OBJECTIVE, AND METHODOLOGY
FOR THE PERIOD OCTOBER 1, 2006 THROUGH DECEMBER 31, 2007

Background
Keefe Commissary Network, LLC (Keefe) entered into an agreement with the Denver Sheriff
Department (DSD) effective October 1, 2006 to exclusively provide canteen and commissary
services for the inmate population at the Denver County Jail and the Pre-Arraignment Detention
Facility. The contract extends through December 31, 2008 and may be renewed for up to four
additional years subject to the parties’ agreement and execution of such agreement.
The “Undersheriff Prisoner Purchase, Welfare, and Recreation Trust,” established by D.R.M.C.
Article XV, holds inmate funds in a City trust administered by the Denver Sheriff Department.
Keefe has provided a proprietary software program to DSD which records individual inmate
account balances, facilitates commissary sales, generates sales reports, and is the accounting
system for the Trust Fund. Friends and family can place funds on inmate accounts by credit
card, wire transfer, money order, and cash. Inmates can then use the available funds to purchase
food, drink, and personal hygiene items from the commissary. All commissary sales proceeds
are deposited into the Trust Fund. Under the terms of the contract, DSD is required to remit
commissary sales to Keefe on a weekly basis. Keefe is required to pay DSD a commission fee
equal to 44% of revenue, net of appropriate taxes, on a monthly basis.
Scope
The audit of the Keefe Commissary Network, LLC contract (PeopleSoft fund/org.
56951/3532000) was for the period October 1, 2006 through December 31, 2007. The audit
focused on evaluation of internal controls over processing inmate orders, accounting entries for
commissary transactions, and proper reporting of commissary sales and sales commissions. The
audit also examined the contractor’s compliance with insurance and reporting requirements.
Objective
The objective of our audit was to determine whether Keefe was in compliance with the terms of
the contract, commissary sales were properly reported, and sales commissions were accurately
calculated and paid. We also assessed DSD’s performance in monitoring the contract and their
compliance with City rules and regulations.
Methodology
The evidence gathering and analysis techniques used in order to meet the audit objectives
included, but were not limited to:
•

Evaluating internal controls over recording and reporting inmate commissary sales and
refunds;

•

Testing and documenting reliability of computer processed data;

6

BACKGROUND, SCOPE, OBJECTIVE, AND METHODOLOGY

KEEFE COMMISSARY NETWORK, LLC

•

Reconciling, on a test basis, commissary sales and refunds per system generated reports
to source documents;

•

Tracing, on a test basis, reported commissary sales to accounting records;

•

Reviewing sales commission calculations for accuracy;

•

Conducting discussions with management; and

•

Obtaining and reviewing evidence of insurance, performance bonds, the required
monthly and annual financial reports, and proof of compliance with Payment Card
Industry Data Security Standards (PCI DSS).

7

KEEFE COMMISSARY NETWORK, LLC
FINDINGS AND RECOMMENDATIONS
FOR THE PERIOD OCTOBER 1, 2006 THROUGH DECEMBER 31, 2007

Finding I - Non-Compliance with Contract Terms Caused Underpayment and Increased
Risk to the City
Audit work determined the Denver Sheriff Department (DSD) implemented verbal agreements
with Keefe Commissary Network, LLC (Keefe) with respect to payment terms and commissions
due in direct violation of Executive Order No. 8, Contracts and Other Written Instruments,
which states, “…an amendment is required whenever a provision of the contract needs to be
changed. Verbal instructions or written correspondence may not be considered as amendments
to a contract.” Additionally, we noted DSD failed to properly monitor and enforce contract
provisions regarding certain insurance, financial, and other reporting requirements. These issues
are described in further detail below:
Unauthorized Payment Process – As shown in Figure 1, the contract requires Keefe to submit
an invoice on a weekly basis for gross commissary sales. DSD is then required to pay the entire
amount of gross receipts to Keefe. Keefe is then responsible for calculating commissions due to
DSD and remitting commission payments on a monthly basis.

Figure 1 - Payment Process per Contract

However, DSD entered into a verbal agreement with Keefe which altered the payment process.
Based upon the current verbal agreement as illustrated in Figure 2, DSD receives weekly
invoices from Keefe, but DSD does not remit the gross sales to Keefe. Instead, DSD retains
commissions based on the invoice and pays Keefe the remaining balance.

Figure 2 - Payment Process per Verbal Agreement
8

FINDINGS AND RECOMMENDATIONS

KEEFE COMMISSARY NETWORK, LLC

Improper Calculation of Commissions - The contract defines commissions due as 44% of gross
receipts, net of applicable taxes. However, audit work revealed that shortly after entering the
contract, DSD and Keefe made an improper verbal agreement which altered the percentage of
commission due. Specifically, DSD requested Keefe reduce the prices charged to inmates for
certain clothing items and, in return, DSD agreed to receive sales commissions of 20% on these
items.
In addition, we noted the combined sales tax rate was incorrectly programmed in Keefe’s
software at the rate of 7.2% when it should have been applied at 7.6% from October through
December 31, 2006 and 7.72% beginning January 1, 2007. Furthermore, DSD failed to identify
the erroneous sales tax rate which could have been detected through recalculation and
reconciliation of commission amounts due. As a result, Keefe’s allowable sales tax deduction
from gross sales was understated for the entire audit period.
Ultimately, DSD collected $5,940 less than the commission amount prescribed by the contract.
In addition, since Keefe does not actually make payments to DSD on a monthly basis as
highlighted above, we were unable to determine and assess late payment interest penalties on
amounts due in accordance with the contract.
Non-Enforcement of Contract Provisions - Executive Order No. 8 outlines DSD’s
responsibility for monitoring and ensuring compliance with contract terms throughout the life of
the contract. However, audit work noted DSD failed to monitor and enforce Keefe’s compliance
with several contract provisions as highlighted below:
•

Based upon our examination of insurance policies, we noted Keefe did not obtain
insurance containing professional liability and employee dishonesty coverage as required
by the contract. Additionally, DSD did not review the insurance certificates maintained
by the contractor to ensure all required types of coverage were included in the policy.
Inadequate insurance coverage increases risk of third party liability for both Keefe and
DSD.

•

Audit work revealed Keefe failed to submit monthly sales summaries certified by an
officer of the company, as well as annual CPA certified statements detailing gross
receipts, deductions, net receipts, and the resulting sales commissions due as required by
the contract. Although DSD can independently generate monthly and annual sales
reports from the Keefe system, the financial reporting requirements are intended to
provide additional assurance that amounts due and paid are accurately recorded and
reported. Moreover, CPA certified annual statements could have detected the erroneous
tax rate and mitigated incorrect calculations of commissions due.

•

The contract requires Keefe to provide verification of compliance with Payment Card
Industry Data Security Standards (PCI DSS) since credit and debit cards are used to fund
inmate accounts. However, Keefe failed to submit evidence of quarterly data
vulnerability scans or annual audits certifying PCI DSS compliance and DSD did not
require these reports throughout the audit period. Despite multiple audit requests, Keefe
did not provide these reports. As a result, the City is left with no level of assurance that
Keefe has complied with PCI DSS.
9

FINDINGS AND RECOMMENDATIONS

KEEFE COMMISSARY NETWORK, LLC

Recommendations
1. We recommend DSD assess and collect $5,940 in sales commissions due from Keefe in
accordance with the contract. We recommend DSD fully comply with City contracting rules
that prohibit entering into verbal agreements with third parties. Since the contract expires
December 31, 2008, the parties will have the opportunity to renegotiate the contract terms,
incorporate any desirable changes, and pursue these changes through a proper contract
amendment as required by Executive Order No. 8.
2. We recommend DSD work with Keefe to immediately correct the tax rate programmed in the
system. Specifically, we recommend DSD monitor combined tax rate changes and ensure
tax tables are programmed correctly in Keefe’s system. Additionally, we recommend DSD
require Keefe to submit the financial reports outlined in the contract to mitigate the risk of
improper recording and reporting of sales and subsequent commissions due. DSD’s finance
personnel should perform monthly and yearly recalculations of commissions in accordance
with the contract, reconcile amounts due with Keefe’s financial reports, and resolve any
discrepancies with Keefe.
3. In order to protect both DSD and Keefe from potential claims by third parties, we
recommend Keefe obtain insurance policies which satisfy all the current coverage
requirements. Additionally, we recommend DSD review these new policies and, if
necessary, consult with Risk Management and the City Attorney’s Office to ensure adequacy
of the coverage and compliance with the terms of the contract.
4. We recommend Keefe submit evidence of quarterly data vulnerability scans or annual audits
verifying compliance with PCI DSS. Further, we recommend DSD require, obtain, and keep
on file the proof of compliance with this requirement on a regular basis.

10

KEEFE COMMISSARY NETWORK, LLC
SCHEDULE OF AMOUNTS DUE AND PAID
FOR THE PERIOD OCTOBER 1, 2006 THROUGH DECEMBER 31, 2007

Amount Due
(Note 1)

Amount Paid
(Note 2)

Balance Due
DSD/(Keefe)

$136,437
$136,437

$135,687
$135,687

$750
$750

Sales Commissions
Total:

$577,970
$577,970

$572,780
$572,780

$5,190
$5,190

Grand Total

$714,407

$708,467

$5,940

Periods
10/1/06 - 12/31/06
Sales Commissions
Total:
1/1/07 - 12/31/07

The accompanying notes are an integral part of this schedule.

11

NOTES TO SCHEDULE OF AMOUNTS DUE AND PAID

1.

KEEFE COMMISSARY NETWORK, LLC

Amounts Due (Note 1)

Sales commissions, as shown in the accompanying schedule, is 44% of net receipts which is
defined as all receipts from sales of products under the contract agreement, less applicable sales
tax. Counterfeit money or loss from theft shall not be deducted in the calculation of gross
receipts.
2.

Amounts Paid (Note 2)

All amounts paid in the schedule of amounts due and paid were compiled from the Denver
Sheriff Department’s cash disbursement records. Amounts paid include those due during the
audit period and paid in the ordinary course of business whether or not within the audit period.

12

EXHIBIT A – DENVER SHERIFF DEPARTMENT RESPONSE KEEFE COMMISSARY NETWORK, LLC

13

EXHIBIT A – DENVER SHERIFF DEPARTMENT RESPONSE KEEFE COMMISSARY NETWORK, LLC

14

EXHIBIT A – DENVER SHERIFF DEPARTMENT RESPONSE KEEFE COMMISSARY NETWORK, LLC

JAN- 13-2009

11 : 27

Agree with
Recommendation

P. 003

PANA 8060

Within 60 days

Mohammad Da hleh
720-865-4107

RECOMMENDAT ION 4: We recommend Keefe submit evidence of quarterly data vulnerability
scans or annual audits verifying compliance with PCI DSS. Further, we recommend DSD require,
obtoin, and keep on file the proof of compliance with this requirement on a regular basis.
> RESPONSE/ACTION PLAN: We wilJ work with Keefe to suhmit evidence of quarterly date
vulnerability scans or annual audits verifying compliance with PCI DSS.

State your agreem ent or
reason for disagreement
with Recommendation
Agree with
Recommendation

Target date to complete
implementation activities
(Generally expected
within 60 to 90 davs)
Will state in 2009 contract
Within 60 days

Name and phone number
of primary individual
responsible for
Implementation
Mohammad Dahleh
720-865-4107

Please contact Mar k Valentine at (720) 865-4108 with any questions.
Sincerely,

NI#
Mark Vale11Line
Director of Fitlance
cc: Director Bill Lovingier
Chief Ronald Foos

TOTAL P.003

15